30th June 2025
Thought Leadership Article Published on LinkedIn
Author: Norbert Bonnici, Team Lead – Network & Security
For many, cybersecurity may appear distant from financial intelligence. However, as threats become increasingly sophisticated, the boundaries between these disciplines are increasingly blurred. My experience during Locked Shields 2025 exemplified this reality.
My journey to join the Financial Intelligence Analysis Unit (FIAU) was anything but conventional. I hold a double honours degree in Physics and Computer Information Systems, which instilled in me a systematic approach to problem-solving. I break down challenges into their fundamental components and strategically approach their resolution. Initially, I diverged into scientific computing, contributing to the Square Kilometre Array (SKA) radio telescope project in collaboration with the University of Oxford, developing backend digital signal processing components. I then joined the European Space Agency (ESA) as a trainee in the On-Board Computers and Data Handling Section. This role immersed me in designing fault-tolerant digital systems, crucial for the harsh conditions of space launches and orbital operations. I gained hands-on experience with satellites currently orbiting Earth and deepened my understanding of radiation-hardened electronics. Following this, I took on diverse technical roles, from validating digital systems now forming the communication backbone of the Ariane 6 launcher, to designing avionics for next-generation aircraft. Eventually, I shifted focus toward digital forensics and incident response, specifically supporting National Critical Infrastructure (NCI), which bridged my engineering past with the evolving threats of the cyber realm. This unique trajectory equipped me with the insight to recognise how technological resilience directly underpins the FIAU’s mission of protecting the economy, society, and subject persons, thus ensuring Malta remains a trusted global financial hub.
My recent work highlighted a disturbing trend: nation-state-backed cyber groups actively targeting vulnerable organisations, coercing ransom payments in cryptocurrency, and laundering funds through sophisticated mixers. These illicit proceeds are often used to circumvent sanctions and even fund terrorist activities, such as North Korea’s nuclear weapons program. Witnessing this convergence of cybercrime and financial crime first-hand was the catalyst for me to join the FIAU, where I now contribute directly to the fight against money laundering and terrorist financing. Strengthening cybersecurity defences isn’t just a technical imperative; it’s a strategic barrier to financial exploitation. Cybersecurity is at the heart of the FIAU and a key tool to combat ML/FT and protect subject persons from being exploited for these purposes.
Last month, I was honoured to represent the FIAU at Locked Shields 2025, the world’s largest and most complex international live-fire cyber defence exercise. Organised by the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, the exercise simulates wide scale cyberattacks against critical infrastructure, including power grids, financial services, and military networks. The goal is to stress-test national capabilities under real-time pressure.
Malta’s participation in the 15th edition of Locked Shields was led by the Ministry for Home Affairs, Security and Employment (MHSE), in collaboration with the Malta Information Technology Agency (MITA) and the National Cybersecurity Steering Committee (NCSC). Malta joined forces with Slovakia, forming one of 17 multinational teams from 41 nations. Our 16-member Maltese team was composed of professionals from MITA, MHSE, the Armed Forces of Malta, Malta Police Force, Critical Infrastructure Protection, the FIAU, the Malta Gaming Authority (MGA), the Malta Financial Services Authority (MFSA), and Bank of Valletta. Together, we provided Slovakia with critical expertise, ranging from system administration and incident response to legal guidance and strategic communications.
Malta’s team was integrated into various teams, each responsible for specific systems or incidents. Challenges faced included the disruption of a power station, identifying backdoors in diverse systems, and pinpointing exploited vulnerabilities in critical systems. Rapid alert analysis, prioritization of responses, and coordinated actions across teams were crucial, all while managing evolving threats. Each incident required not only technical remediation, but also accurate reporting and simulated press briefings; preparing us to communicate under pressure in real-world crises.
One key takeaway from the exercise was the vital importance of real-time threat intelligence sharing. During forensic investigations, we identified compromised systems leveraged by attackers. Reporting these findings to our network operations team enabled swift containment of further intrusions. At the FIAU, we’re enhancing our Threat Intelligence Platform to integrate data feeds better and share indicators of compromise (IOCs) with domestic and international partners. While maintaining the confidentiality, integrity, and availability of sensitive data remains paramount, cross-agency collaboration is essential, particularly when facing Advanced Persistent Threat (APT) actors. For Subject Persons, this creates a more secure operational landscape, where early warnings, coordinated responses, and hardened digital systems reduce the risks of exposure to criminal abuse.
Locked Shields also offered invaluable lessons in incident containment, system recovery, and crisis communication. Insights we’re now applying as part of the FIAU’s broader effort to attain ISO 27001 certification. We are currently formalizing our internal Incident Response Plan and developing robust communication strategies to improve responsiveness and clarity during emergencies, incorporating findings from the exercise.
Perhaps most significantly, the exercise reinforced that interconnected systems create shared risk. A single compromise, whether in energy, finance, or communications, can ripple across sectors, undermining national stability. That’s why the FIAU is adopting a defence-in-depth approach to cybersecurity. A multilayered “Swiss cheese” strategy with overlapping controls to ensure that threats slipping past one layer are intercepted by another. Such layered security is essential to uphold confidence in Malta’s financial ecosystem and to protect the reputation and integrity of Subject Persons operating within it, and to safeguard any individual or entity on whom the FIAU may hold data.
Participating in Locked Shields 2025 was an amazing opportunity! It sharpened my technical skills and broadened my understanding of the evolving threats to Malta’s digital ecosystem. I return to the FIAU with renewed purpose, ready to apply these lessons to protect our financial system and help build a more secure future for Malta. In doing so, we shield institutions from technical disruption and affirm Malta’s commitment to remaining a credible, well-defended jurisdiction in the face of new challenges in the cyber domain.